Design/Logic Flaw

2020-05-0520:15:00

PRIOn knowledge base

www.prio-n.com

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator.

CPENameOperatorVersion
unity_orchestratorlt8.9.2

CPE	Name	Operator	Version
	unity_orchestrator	lt	8.9.2

References

www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdf